DAVACO Hit with Class Action Over June 2021 Data Breach

New to ClassAction.org? Read our Newswire Disclaimer

DAVACO, Inc. faces a proposed class action that claims the project management company failed to adequately safeguard employee information from unauthorized access in the run up to a June 2021 data breach.

Per the lawsuit, DAVACO’s apparent failure to implement adequate data security and properly train employees to identify and protect against cyber threats allowed workers’ names, Social Security numbers and driver’s license or government-issued identification information to be accessed by unauthorized parties in a ransomware attack on or around June 11, 2021.

The case alleges affected employees, who reportedly received notice of the incident on or around July 2, have spent, and will continue to spend, “significant amounts of time and money” protecting against the consequences of the breach, including identity theft and fraud, given their private information “is now in the hands of thieves.”

According to the lawsuit, the defendant, a multi-site project management and deployment company that serves the retail, restaurant and hospitality industries, was first alerted to “suspicious activity” on its computer network on or around June 11. Per the complaint, DAVACO confirmed on June 15 that “unknown persons” had gained access to employees’ personal information through the company’s employee email accounts.

The suit argues that DAVACO failed to comply with Federal Trade Commission guidelines, industry standards and its own privacy policy representations regarding data security. Moreover, the lawsuit alleges the defendant’s apparent delay in identifying and reporting the incident to those affected caused additional harm by depriving victims of the opportunity to respond to and mitigate the effects of the incident.

The filing goes on to claim that DAVACO’s offer of 12 months of free identity protection services to employees whose Social Security numbers were compromised is “wholly inadequate” as victims of the breach may face multiple years of ongoing identity theft and fraud.

“The ramifications of Defendant’s failure to keep Plaintiff’ [sic] and Class Employees’ Sensitive Information secure are long lasting and severe,” the complaint scathes. “Once Sensitive Information is stolen, fraudulent use of that information and damage to victims may continue for years.”

The case, which was recently transferred to Texas federal court to be consolidated with a similar lawsuit, looks to represent anyone in California whose sensitive information stored or possessed by DAVACO was subject to the data breach announced by the company around July 2, 2021.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.